GDPR should not be viewed as witch hunt but rather a good reason for a spring clean of your data.
The double opt-in is the gold standard for GDPR compliance but it is by no means the only tactic available. One thing that is essential is making your opt-ins explicit i.e. your audience is made aware of what content they are agreeing to receiving and from what source. However, this in itself can have substantial benefits including greater engagement rates and a clearer understanding of your site traffic
Creating an opt-in database isn’t as hard as you might think and the data performs at a much higher rate than opt-out data.
What’s a sensible GDPR checklist for email marketers?
- Determine if and how you will be affected by the GDPR – this is easy to assess. If you are sending emails to anybody in the EU you will affected by the GDPR. Your location doesn’t matter.
- Make sure you understand the penalties. They are significant.
- Plan according to the timeline. You have 12 months left to get as much data double-opted in as possible.
- Establish which controls you will need in place such as an opt-in service. Chat with your email providers to understand what they have in place.
- Get the specifics of your opt-in statement right. Talk about the catch-all but remind them to get it approved by their legal team. Get the balance of the wording right. Be clear and unambiguous.
- Check that your privacy and cookie consent policies are transparent in compliance.
- Get explicit opt-in consent from those with implied consent… in other words, from your customers and engaged data contacts. Email them and explain why you need them to opt in.
- Get as much of your data as possible to opt in to your future communications as soon as you have the above all set up. If you host events ask attendees to opt for the slides, have a pop-up on your website and run double opt-in campaigns.
- Buy as many targeted data lists as you can now and get as many of them as possible to opt in to your communications.
The EU General Data Protection Regulation (GDPR) should be welcomed as an immensely pragmatic regulation. GDPR both safeguards the rights of the individual to control their personal data, and enables organisations to utilise that data in a secure and lawful way.